﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

namespace Twi.COMMON.Core
{
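    /// <summary>
    /// Keyword blacklist check for free-text input.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the keyword list looks aimed at SQL injection. A blacklist like this is a
    /// coarse, defense-in-depth filter only: it flags a keyword solely when whitespace surrounds
    /// it on both sides, and it rejects ordinary text such as "salt and pepper". It must not be
    /// the only control in front of a query; parameterized statements are the actual mitigation.
    /// </remarks>
    public class CheckSafe
    {
        // Order matters: the first keyword in this list that matches is the one reported.
        // "and" comes first because injection attempts typically append an "and" clause.
        private static readonly string[] Keywords =
        {
            "and", "update", "delete", "drop", "alter", "backup", "exec", "insert", "declare"
        };

        // Built once instead of constructing nine Regex objects on every call.
        private static readonly Regex[] KeywordPatterns = BuildPatterns();

        /// <summary>
        /// Builds one whitespace-delimited pattern per entry in <see cref="Keywords"/>.
        /// </summary>
        /// <returns>Patterns in the same order as <see cref="Keywords"/>.</returns>
        private static Regex[] BuildPatterns()
        {
            Regex[] patterns = new Regex[Keywords.Length];
            for (int i = 0; i < Keywords.Length; i++)
            {
                // Escape keeps the pattern literal even if a future keyword contains metacharacters.
                patterns[i] = new Regex("\\s+" + Regex.Escape(Keywords[i]) + "\\s+");
            }
            return patterns;
        }

        /// <summary>
        /// Checks whether the string contains an unsafe keyword.
        /// </summary>
        /// <param name="str">
        /// The string to check. Null, empty, and strings of three characters or fewer are
        /// accepted without inspection.
        /// </param>
        /// <exception cref="Exception">
        /// Thrown when a blacklisted keyword surrounded by whitespace is found; the message
        /// names the first matching keyword in list order.
        /// </exception>
        public static void Validate(string str)
        {
            if (string.IsNullOrEmpty(str) || str.Length <= 3)
            {
                return;
            }

            // Invariant lowercasing: the culture-sensitive ToLower() maps 'I' to a dotless 'ı'
            // under Turkish/Azeri cultures, so an upper-case "INSERT" would never equal the
            // ASCII keyword and the check would silently pass on such hosts.
            string lowered = str.ToLowerInvariant();

            for (int i = 0; i < KeywordPatterns.Length; i++)
            {
                if (KeywordPatterns[i].IsMatch(lowered))
                {
                    // Exception type and message are kept as-is for existing callers.
                    throw new Exception("检测到存在安全隐患的关键词：" + Keywords[i]);
                }
            }
        }
    }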
}
